Hal, Lee et all, Firstly, the group vs. permission is very application/scenario specific - in some cases I use one and in some the other as makes sense...
Now let me drag you back and take another look at that bits vs. text thingy: As one who has been happily using bit based security permissions I shouldn't kick'em, BUT they do have several drawbacks: 1. limited to 32 bits with integers (i.e. only 32 groups or 32 permissions per mask) 2. you have to create a mapping between the bit values and their "meaning" and in our case maintain two mappings - one in a db table used for the admin tool which dynamically displays each mapped value as a check box, and then again in the code as a structure of constants. 3. the use of BitOr and BitAnd for checking the rights even though simple and clear for all of us who grew up on assembler and C, is not that clear to the rest of the world... the other solution - a text list - solves the above three problems yet suffers from other problems when trying to add or remove permissions (and have only one of each), not to mention performance (parsing a list etc.) OK now that I've talked about problems let's talk about solutions: What is needed is an associative link between a key (text description of the security permission) and a boolean value (true, false). This begs for the use of a CF structure and a custom tag to handle looping through the list to add or remove keys. Such as: <CF_SecManager map="request.AnonPermissions" AddList="read,edit,create"> <CF_SecManager map="request.AdminPermissions" Add="request.AnonPermissions"> <CF_SecManager map="request.AdminPermissions" AddList="delete,archive"> <CF_SecManager map="request.UserPermissions" Add="request.AdminPermissions"> And to check for a permission: <CFIF StructKeyExists(request.UserPermissions, "archive") CF_SecManager need support these actions: Modify using existing permissions structures Add Remove Modify using text lists AddList RemoveList A side benefit - you can always get back a list of the permissions (names of the keys using StructKeyList(structure) ) And I'll leave the writing of CF_SecManager as an exercise for the reader (Lee you love this king of thing ;-) Cheers, Noam ==^================================================================ This email was sent to: [email protected] EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
